As federal and state governments struggle to address future healthcare regulation, demand for healthcare that is cheaper, better and faster continues to surge. Every day, new healthcare apps are being developed to respond creatively to this demand. But pitfalls may await unsuspecting app developers where the lightning-fast technology sector meets the highly-regulated healthcare industry. Failure to comply with the Health Insurance Portability and Accountability Act (HIPAA) is one such pitfall.

In this update, we highlight several HIPAA issues that all developers in the healthcare app field should consider, as well as healthcare plans, insurers and other parties contracting with developers.

Their update covers a number of issues, but I thought I’d pull out just one for you that highlights some of the complexities in working in this space:

From whom will the developer be gathering data? A customer or consumer?

Consumer-facing products that are not made available on behalf of a covered entity or business associate generally will not be subject to HIPAA, but may be subject to stringent privacy and security requirements under the Federal Trade Commission Act and state law. Products created for a covered entity or business associate customer that gather data from or provide data to consumers, however, may cause the developer to be subject to HIPAA.